Browsing: Web Applications

In this section we will be publishing hacking tutorials related to pentesting web applications and webservers. You’ll be learning how hackers enumerate usernames on the very popular WordPress CMS and how passwords are bruteforced with wpscan. If you want to learn more about web vulnerability scanners like Nikto and Uniscan, you’re in the right section.

Today we’re going to do a small tutorial on subdomain enumeration with a tool called Sublist3r. Whether you’re a penetration tester enumerating possible attack vectors or a bug bounty hunter looking for domains that are in…

Uniscan is a simple but great tool for Remote File Include, Local File Include and Remote Command Execution vulnerability scanner. In this tutorial we will be exploring the webserver fingerprinting functionality in Uniscan on Kali Linux.…

In this tutorial we will be testing and using the Cloudflare resolver module in Websploit on Kali Linux. Cloudflare is a company that provides a content delivery network and distributed DNS (Domain Name Server) services, sitting…

In the next few tutorials I will explain how to use the different Websploit modules. WebSploit is an open source project for web application assessments. In this tutorial we will be using the websploit directory…

This tutorial in the category Wordpress hacking will teach you how to scan WordPress websites for vulnerabilities, enumerate Wordpress user accounts and brute force passwords. Enumerating WordPress users is the first step in a brute force attack in order…

Nikto is a very popular and easy to use webserver assessment tool to find potential problems and vulnerabilities very quickly. This tutorial shows you how to scan webservers for vulnerabilities using Nikto in Kali Linux. Nikto comes…